author | glebius <glebius@FreeBSD.org> | 2015-10-22 19:42:57 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2015-10-22 19:42:57 +0000 |
commit | 9163b6ba3bf49312e356f13c0a8208d05a79e484 (patch) | |
tree | c69f4aae895073471547d394a727baaaa68d758b /usr.sbin/ntp | |
parent | bb011941f0bd9e2ce1ade58a6f1f25eeb2141c9d (diff) | |
parent | aae1e7d66cee27b1a209ea5b8ca21ed12e129103 (diff) | |
download | FreeBSD-src-9163b6ba3bf49312e356f13c0a8208d05a79e484.zip FreeBSD-src-9163b6ba3bf49312e356f13c0a8208d05a79e484.tar.gz |
MFV ntp-4.2.8p4 (r289715)
Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.
Diffstat (limited to 'usr.sbin/ntp')
-rw-r--r-- | usr.sbin/ntp/config.h | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp-keygen.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp.conf.5 | 54 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp.keys.5 | 6 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpd.8 | 27 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpdc.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpq.8 | 16 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/sntp.8 | 7 | ||||
-rwxr-xr-x | usr.sbin/ntp/scripts/mkver | 2 |
9 files changed, 92 insertions, 32 deletions
diff --git a/usr.sbin/ntp/config.h b/usr.sbin/ntp/config.h index 4d0a5e1..f836d7d 100644 --- a/usr.sbin/ntp/config.h +++ b/usr.sbin/ntp/config.h @@ -1785,5 +1785,5 @@ typedef union mpinfou { /* * FreeBSD specific: Explicitly specify date/time for reproducible build. */ -#define MKREPRO_DATE "Jul 04 2015" -#define MKREPRO_TIME "15:42:16" +#define MKREPRO_DATE "Oct 22 2015" +#define MKREPRO_TIME "17:58:31" diff --git a/usr.sbin/ntp/doc/ntp-keygen.8 b/usr.sbin/ntp/doc/ntp-keygen.8 index 89c4e09..197adbf 100644 --- a/usr.sbin/ntp/doc/ntp-keygen.8 +++ b/usr.sbin/ntp/doc/ntp-keygen.8 @@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTP_KEYGEN 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:44:02 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntp.conf.5 b/usr.sbin/ntp/doc/ntp.conf.5 index 4ed9440..c7af12d 100644 --- a/usr.sbin/ntp/doc/ntp.conf.5 +++ b/usr.sbin/ntp/doc/ntp.conf.5 @@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:42:07 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1905,7 +1905,7 @@ re\-associate accordingly. Some administrators prefer to avoid running .Xr ntpd 8 continuously and run either -.Xr ntpdate 8 +.Xr sntp 8 or .Xr ntpd 8 .Fl q 
@@ -1997,7 +1997,7 @@ peers remaining. This value defaults to 1, but can be changed to any number from 1 to 15. .It Cm minclock Ar minclock -The clustering algorithm repeatedly casts out outlyer +The clustering algorithm repeatedly casts out outlier associations until no more than .Cm minclock associations remain. @@ -2388,6 +2388,9 @@ This implies that must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided. +.It Ic dscp Ar value +This option specifies the Differentiated Services Control Point (DSCP) value, +a 6\-bit code. The default value is 46, signifying Expedited Forwarding. .It Xo Ic enable .Oo .Cm auth | Cm bclient | @@ -2487,6 +2490,19 @@ This option is useful for sites that run .Xr ntpd 8 on multiple hosts, with (mostly) common options (e.g., a restriction list). +.It Ic leapsmearinterval Ar seconds +This EXPERIMENTAL option is only available if +.Xr ntpd 8 +was built with the +.Cm \-\-enable\-leap\-smear +option to the +.Cm configure +script. +It specifies the interval over which a leap second correction will be applied. +Recommended values for this option are between +7200 (2 hours) and 86400 (24 hours). +.Sy DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS! +See http://bugs.ntp.org/2855 for more information. .It Ic logconfig Ar configkeyword This command controls the amount and type of output written to the system @@ -2620,7 +2636,9 @@ holds the names of the reference clock variables. .Cm freq Ar freq | .Cm huffpuff Ar huffpuff | .Cm panic Ar panic | -.Cm step Ar srep | +.Cm step Ar step | +.Cm stepback Ar stepback | +.Cm stepfwd Ar stepfwd | .Cm stepout Ar stepout .Oc .Xc 
@@ -2680,6 +2698,19 @@ adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default. +.It Cm stepback Ar stepback +The argument is the step threshold for the backward direction, +which by default is 0.128 s. +It can +be set to any positive number in seconds. +If both the forward and backward step thresholds are set to zero, step +adjustments will never occur. +Note: The kernel time discipline is +disabled if +each direction of step threshold are either +set to zero or greater than .5 second. +.It Cm stepfwd Ar stepfwd +As for stepback, but for the forward direction. .It Cm stepout Ar stepout The argument is the stepout timeout, which by default is 900 s. It can @@ -2696,19 +2727,22 @@ pulses will not be suppressed. .Xc .Bl -tag -width indent .It Cm memlock Ar Nmegabytes -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the .Fl i option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non\-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .It Cm stacksize Ar N4kPages Specifies the maximum size of the process stack on systems with the -.It Cm filenum Ar Nfiledescriptors -Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default. .Fn mlockall function. Defaults to 50 4k pages (200 4k pages in OpenBSD). +.It Cm filenum Ar Nfiledescriptors +Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default. .El .It Xo Ic trap Ar host_address .Op Cm port Ar port_number 
diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5 index 4ec3bb3..b1bcb3c 100644 --- a/usr.sbin/ntp/doc/ntp.keys.5 +++ b/usr.sbin/ntp/doc/ntp.keys.5 @@ -1,13 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTP_KEYS 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" .\" $FreeBSD$ .\" -.\" $FreeBSD$ -.\" -.\" It has been AutoGen-ed February 4, 2015 at 02:42:10 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntpd.8 b/usr.sbin/ntp/doc/ntpd.8 index 665aa0b..243f96d 100644 --- a/usr.sbin/ntp/doc/ntpd.8 +++ b/usr.sbin/ntp/doc/ntpd.8 @@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTPD 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:42:12 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -146,7 +146,7 @@ The name and path of the frequency file, by default. This is the same operation as the \fBdriftfile\fP \fIdriftfile\fP -configuration specification in the +configuration specification in the \fI/etc/ntp.conf\fP file. .It Fl g , Fl \-panicgate 
@@ -165,6 +165,19 @@ options. See the \fBtinker\fP configuration file directive for other options. +.It Fl G , Fl \-force\-step\-once +Step any initial offset correction.. +.sp +Normally, +\fBntpd\fP +steps the time if the time offset exceeds the step threshold, +which is 128 ms by default, and otherwise slews the time. +This option forces the initial offset correction to be stepped, +so the highest time accuracy can be achieved quickly. +However, this may also cause the time to be stepped back +so this option must not be used if +applications requiring monotonic time are running. +See the \fBtinker\fP configuration file directive for other options. .It Fl i Ar string , Fl \-jaildir Ns = Ns Ar string Jail directory. .sp @@ -188,7 +201,7 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -\fBinterface\fP command, which is more versatile. +\fBinterface\fP command, which is more versatile. .It Fl k Ar string , Fl \-keyfile Ns = Ns Ar string path to symmetric keys. .sp @@ -521,6 +534,8 @@ when you have permission to do so from the owner of the target host. Finally, in the past many startup scripts would run .Xr ntpdate 8 +or +.Xr sntp 8 to get the system clock close to correct before starting .Xr ntpd 8 , but this was never more than a mediocre hack and is no longer needed. @@ -530,7 +545,9 @@ and you still need to set the system time before starting .Nm , please open a bug report and document what is going on, and then look at using -.Xr sntp 8 . +.Xr sntp 8 +if you really need to set the clock before starting +.Nm . .Pp There is a way to start .Xr ntpd 8 diff --git a/usr.sbin/ntp/doc/ntpdc.8 b/usr.sbin/ntp/doc/ntpdc.8 index 3373614..74129c4 100644 --- a/usr.sbin/ntp/doc/ntpdc.8 +++ b/usr.sbin/ntp/doc/ntpdc.8 
@@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTPDC 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:42:44 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntpq.8 b/usr.sbin/ntp/doc/ntpq.8 index 1eba486..bcd1fba 100644 --- a/usr.sbin/ntp/doc/ntpq.8 +++ b/usr.sbin/ntp/doc/ntpq.8 @@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt NTPQ 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:43:19 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -226,7 +226,9 @@ switch. This command allows the specification of a key number to be used to authenticate configuration requests. This must correspond -to a key number the server has been configured to use for this +to the +.Cm controlkey +key number the server has been configured to use for this purpose. .It Ic keytype Xo Oo .Cm md5 | @@ -506,6 +508,14 @@ offset of server relative to this host .It Ic jitter jitter .El +.It Ic apeers +Display a list of peers in the form: +.Dl [tally]remote refid assid st t when pool reach delay offset jitter +where the output is just like the +.Ic peers +command except that the +.Ic refid +is displayed in hex format and the association number is also displayed. .It Ic pstats Ar assocID Show the statistics for the peer with the given .Ar assocID . diff --git a/usr.sbin/ntp/doc/sntp.8 b/usr.sbin/ntp/doc/sntp.8 index 4d09cb0..9bcc78d 100644 --- a/usr.sbin/ntp/doc/sntp.8 +++ b/usr.sbin/ntp/doc/sntp.8 
@@ -1,11 +1,11 @@ -.Dd February 4 2015 +.Dd October 21 2015 .Dt SNTP 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed February 4, 2015 at 02:34:20 AM by AutoGen 5.18.5pre4 +.\" It has been AutoGen-ed October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -59,7 +59,8 @@ Otherwise, only the is displayed. Finally, the .Em stratum -of the host is reported. +of the host is reported +and the leap indicator is decoded and displayed. .Sh "OPTIONS" .Bl -tag .It Fl 4 , Fl \-ipv4 diff --git a/usr.sbin/ntp/scripts/mkver b/usr.sbin/ntp/scripts/mkver index 0fc94be..2bc36b5 100755 --- a/usr.sbin/ntp/scripts/mkver +++ b/usr.sbin/ntp/scripts/mkver @@ -6,7 +6,7 @@ PROG=${1-UNKNOWN} ConfStr="$PROG" -ConfStr="$ConfStr 4.2.8p3" +ConfStr="$ConfStr 4.2.8p4" case "$CSET" in '') ;; |
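Review bot: in usr.sbin/ntp/doc/ntp.conf.5 (hunk at -2388,6), the added dscp entry expands DSCP as "Differentiated Services Control Point"; the term is Differentiated Services Code Point. The entry calls the value "a 6\-bit code" but never states the accepted range, so adding "0 to 63" next to the default of 46 would make the entry self-contained.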
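Review bot: in usr.sbin/ntp/doc/ntp.conf.5 (hunk at -2487,6), the leapsmearinterval entry says "DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS!" without giving the reason; the only explanation is a bare URL to bugs.ntp.org. Suggest one sentence in the man page stating why, so the warning can be evaluated offline, and marking the URL up as a link. The entry also gives recommended values (7200 to 86400) but no default and no statement of what happens outside that range.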
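Review bot: in usr.sbin/ntp/doc/ntp.conf.5 (hunk at -2680,6), the new stepback text says the kernel time discipline is disabled when the thresholds are "set to zero or greater than .5 second", while the unchanged step paragraph just above it says "set to zero or greater than the default", and the default quoted in this same entry is 0.128 s. The two limits disagree; one of them needs correcting or the difference needs a sentence of explanation. The phrase "each direction of step threshold are either" should also be reworded.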
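Review bot: in usr.sbin/ntp/doc/ntp.conf.5 (hunk at -2696,19), the memlock entry reverses the documented meaning of zero. The removed line said setting it to zero "will prevent any attemp to lock memory"; the added lines say 0 means "lock whatever memory the process wants into memory" and that \-1 is now the value that disables locking. An existing ntp.conf carrying memlock 0 reads as the opposite setting after this import, so the change deserves a line in the commit message or UPDATING. Minor: the added line beginning "-1 means" leaves the hyphen unescaped where the line before it writes \-1.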
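Review bot: in usr.sbin/ntp/doc/ntpd.8 (hunk at -165,6), the summary line of the new \-G entry, "Step any initial offset correction..", ends in a doubled period. The restriction that the option "must not be used if applications requiring monotonic time are running" sits at the end of the paragraph; moving it up next to the summary would make it harder to miss. Since the header says the file is AutoGen-ed from ntpd-opts.def, both fixes belong in that definitions file upstream rather than in this copy.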
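Review bot: in usr.sbin/ntp/doc/ntpq.8 (hunk at -506,6), the column list in the new apeers entry reads "[tally]remote refid assid st t when pool reach delay offset jitter"; "pool" looks like a typo for "poll", given that the text says the output is "just like the peers command". The entry also says the refid is shown "in hex format" without saying how that differs from what peers prints, which a short example line would settle.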